So only the params specified in safe_update are being saved. If I add a new field to the model, I have to explicitely add it to the safe_update method, otherwise it won’t get saved. It requires a bit of extra work but the good thing is that I know at all time what’s being sent and updated everytime I look at that method and it forces me to maintain it correctly. It’s not incompatible with scaffolding as it could still add the default fields to safe_update on generating the controller methods.

Update: As reported in the comments and on Twitter by DHH himself, using slice on update_attributes would have the same effect. So you could just do: